Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#11037 closed (duplicate)

Support HTTPOnly cookie for HttpResponse.set_cookie

Reported by: Henrik Vendelbo Owned by: nobody
Component: HTTP handling Version: master
Severity: Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


Most browsers has some support for HTTPOnly cookies. It provides some protection against XSS attacks.

I've added another optional parameter to the set_cookie method. I also figured that it should be possible to make the sessionid use the flag.

Attachments (1)

Change History (4)

comment:1 Changed 9 years ago by Matt McClanahan

Has patch: unset
milestone: 1.1
Triage Stage: UnreviewedDesign decision needed

It's too late for new features in 1.1.

comment:2 Changed 9 years ago by mrts

Resolution: duplicate
Status: newclosed

Duplicate of #3304. Please search the existing ticket list before submitting new tickets.

comment:3 Changed 9 years ago by Henrik Vendelbo

I did search for httponly and set_cookie, didn't find anything

Anyway, I added a couple of doctests for HttpResponse that might be useful

Note: See TracTickets for help on using tickets.
Back to Top